Security Tools

A native macOS network monitor. Combines Bonjour, ARP, SSDP, NetBIOS and active probing to show every connected device — Apple gadgets, smart TVs, IoT, printers — in one live window. Full per-device history: first seen, last seen, every online/offline transition. Five alert types for new, risky, or returning devices. One-click security scan checks common ports with plain-English findings. Built 100% in SwiftUI. No cloud, no account, no telemetry. Your data stays on your Mac. Free.

FinderLock is a native macOS app that lets you lock any file or folder in Finder with Touch ID or a password. AES-256 encryption — the same standard used by banks. Unlike FileVault (full-disk only), FinderLock protects individual files with one click. Double-click to unlock, auto-lock when idle, and lock icon badges right in Finder. Everything stays on your Mac. No accounts, no cloud, no telemetry. Free plan included. One-time purchase — no subscription.

AGG Labs SSO is a streamlined, fully-featured OIDC Identity Provider designed for developers who want complete control over their authentication layer. Forget bloated enterprise solutions. We provide seamless integration for your applications, featuring silent SSO, strict PKCE flows, granular active session management, device tracking, and an intuitive developer portal. Standardize your access control and build a unified ecosystem with an auth system that respects your architecture.

Hiro gets your security work done. It reads findings from Aikido and Wiz, pulls open tasks from Drata, and scans Supabase, Vercel, Github, and more then ships the fixes. Not a dashboard of homework. The homework, done.

Whisper Internet Infrastructure AI Context is an MCP server that plugs into Claude or Cursor in 2 minutes and gives your agent real-time BGP, DNS, WHOIS and threat-graph context. 46B data points, sub-ms queries, free tier. Founded by ex-RIPE NCC and ICANN engineers.

DeepFrame — a luxury security studio running authorized deep pentests for fast-moving web apps. Depth, clarity, retest.

Suprbox is a policy-gated vault for the data your AI agents read. Instead of handing an agent your Drive or S3 key, you give it a scoped Suprbox key every read is checked against rules you set (sensitivity, time-of-day, rate limits, human approval) and signed into an immutable audit log. Unlike prompt guardrails, Suprbox protects the data itself, so even a jailbroken or misconfigured agent can't exfiltrate what your policy denies. Built for teams running real agents on sensitive documents.

Vercel is open sourcing deepsec, an AI security harness that runs on your infrastructure, with your keys, against your code.

One platform to discover, assess, and protect all AI usage across your organization. FireTail gives you complete coverage across every employee, browser, device, application, and agent. Get the visibility, security and control you need to enable AI innovation at scale. Blackhat USA & Asia 2025 Startup Spotlight Top 4; TechCrunch Disrupt 2024 Startup Battlefield 200; SOC 2 Type 2

We are full force into cloud-based AI security scanners. Foil does it on your Mac, locally. Your code never leaves. It doesn't just alert: it explains why, validates the finding, and rewrites the code and does it 100% local, no API, no telemetry, no training the next model with your own code. It's edge AI built for developers, consultant or pentesters after a whitebox test, who can't (or won't) share the code.

Skill Inspector helps you analyze and understand the capabilities, risks, and behaviors of AI skills before they reach production. It inspects how skills are defined, what tools and permissions they rely on, and how they behave across different scenarios. Whether you're building copilots or AI-powered apps, Skill Inspector gives you the visibility and confidence to ship AI safely. Identify risky patterns, validate skill behavior, and ensure your AI does exactly what you expect - no surprises.

MindFort is the fastest way to deploy security agents. We secure your stack via autonomous agents that learn as they hack. We validate each vulnerability and give you native ways to patch. Built by a team with 15+ years of Cybersecurity experience. YC X25. Used by top startups + public companies.

Your SCA checks for CVEs. It doesn't check whether anyone is still maintaining the software. That's a different question, and until now, no tool answered it well. We track lifecycle status across 12M+ package versions using official EOL declarations and ML-based detection of maintainer abandonment. Upload a package.json, pom.xml, requirements.txt, or any SBOM and see exactly what's still maintained and what isn't. Direct and transitive deps. Every major ecosystem. Free of charge.

Hacktron collaborates in your workflow, identifies real vulnerabilities, and empowers developers like a senior security engineer. We combine deep code-level security review with automated pentesting to help teams find real issues faster, cut through low-signal findings, and give developers remediation information they can actually act on. Built by elite hackers who've spent careers exploiting the most complex and high-value targets, we operate by one principle: PoC || GTFO.

Cerberus is the world's first safe AI hacker. You can hack your entire app in plain English with a prompt "find vulnerabilities and exploit them in example.com". We also built the world's first AI hacker that's mathematically safe to run on production. It uses a new programming language where every hacking action must come with a mathematical proof that you authorized it — no proof, no action. Point it at your app, come back in 3-4 hours with a full security report.

The new Strix platform gives devs continuous security in one place: continuously pentest your apps, block vulnerable PRs before merge, generate merge-ready fixes, and track security posture over time.

Osintir protects your images and videos with invisible AI fingerprints and cryptographic proof, detecting deepfakes, unauthorized use, and identity theft across the web.

Monitor, measure, and mitigate GenAI model vulnerabilities through real-time analytics, automated probing, and insights driven from thousands of human researchers. The 0DIN Scanner delivers continuous assurance that your models remain secure. Test for jailbreaks, prompt injections, and data leakage in minutes. Deploy via Docker or SaaS, get a full security report, and compare your results against base lines from the frontier providers.

Developed by a team with 20+ years of experience in email deliverability, DMARKOFF is powerful enough for pros, and simple enough for everyone. You can manage all your domains in one place, organize them into projects, and share access safely. Instead of tying cost to messages, users or features, the pricing is simple: just $10 per domain, with unlimited reports and users. Unsure about what to fix first? Your personal AI assistant will help you analyze DMARC reports and provide clear next steps.

ORGN CDE is the enterprise AI IDE for developers who require privacy. A powerful AI code generator and software development tool guaranteeing security with confidential computing, provable encryption, and zero data retention.

OpenBox provides a trust platform for agentic AI, delivering runtime governance, cryptographic verification, and enterprise-grade compliance. Integrates via a single SDK with LangChain, LangGraph, Temporal, n8n, Mastra, and more. Available to every organization with no usage limits.